Authentication Bypass in D-Link DSL/DIR/DNS Devices Exposes DNS Configuration
CVE-2026-0625

9.3CRITICAL

Key Information:

Vendor: D-link
Status: Dsl-2640b; Dsl-2740r; Dsl-2780b; Dsl-526b
Vendor: CVE Published:; 5 January 2026

What is CVE-2026-0625?

Multiple D-Link DSL, DIR, and DNS devices have vulnerabilities in the dnscfg.cgi endpoint, allowing unauthorized access to the DNS configuration. Attackers exploiting this vulnerability can modify DNS settings without valid credentials, potentially leading to DNS hijacking attacks similar to past threats associated with the GhostDNS malware. With reported exploitation efforts observed in late 2025 and the end-of-life status of these products, it is crucial for users to be aware of the associated risks and discontinue the use of affected devices.

Affected Version(s)

DIR-600 0

DIR-608 0

DIR-610 0

References

https://supportannouncement.us.dlink.com/security/publica...

vendor-advisorymitigation

https://supportannouncement.us.dlink.com/announcement/pub...

vendor-advisory

https://supportannouncement.us.dlink.com/security/publica...

vendor-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 5, 2026
Vulnerability Reserved
Jan 5, 2026

Credit

The Shadowserver Foundation

VulnCheck

JSON

D-link

What is CVE-2026-0625?

Affected Version(s)

References

CVSS V4

Timeline

Credit